King of Excellent (according to Scaryduck)

Friday, February 12

Chip and Pin

We all know how secure Chip and Pin is. The system that was introduced some 7 years ago, and is SO much better and more secure than the old system of signing a chit. Are you spotting a sense of sarcasm in my tone? That's because, shock horror, knowing your 4 digit code that allows you to withdraw cash from a hole in a wall is not a good idea when it comes to the supermarket queue that stand behind you as you type in your code for 4 pints of milk and a loaf of bread. In fact, I always knew it would be highlighted as flawed. Apparently theft from cards has gone up by 26% since it's introduction, and now it appears you don't even need a PIN to get it to work. The BBC highlights this here, where someone uses a flaw to buy a bottle of water. The real crime here is Cambridge University Cafe charging £5 for the water, but besides that, it shows how easily it can be done. 19 years ago I designed a system for college. It was simple enough, taking the 50 bytes of storage space on the back of a magnetic strip on a card, and translating it into a simple black and white photo of the holder. this was simply done by storing numerical values for different shapes of nose, eyes, mouth, and face, and other things like hair or skin colour. It wasn't perfect, but it was identifiable much like e-fits are today. Unless the would be thief had enough money to get a facelift to look like the victim, I can't see how this could be faked, barring the exception of them changing the data on the card themselves. And yet, we're still happy to type that four digit code meaning the world is our oyster.
Daft? We must be.